Why it's time to upgrade to a Next Generation Firewall
Dickens Lee
Dell
Dell SonicWALL's legacy
Timeline: 1991, 1996, 2005, 2007, 2010, 2011, 2012
• Founded (1991)
• Became leading provider of subscription services on optimized appliances
• Became the leader in unit share for Unified Threat Management Firewall appliances
• Shipped one million appliances worldwide
• Named to Visionaries Quadrant, Gartner Magic Quadrant for SSL VPN

Changes in user behavior
• Blogging
• IM/WhatsApp
• Cloud access (e.g. Dropbox)
• Streaming video (e.g. YouTube)
• Streaming audio
• Downloading files
• Freeware (TeamViewer, RDP)
Time spent on
was
greater than time spent on
sites for the first time in history.
(comScore, August 2010 )
Together Facebook.com and Google.com accounted for 14% of all Internet visits last week. (Hitwise, March 2010)
Impacts to your Business
• Virus, spyware, Trojan, rootkit, worm
• Spam, phishing, spear phishing
• Data leakage
  – Classified documents, trade secrets
• Bandwidth abuse, impact on network performance
  – Links populated with non-productive traffic
  – High latency, bad response time
• Productivity impact (increase or decrease)
• Federal or industry regulatory compliance issues
Next Generation Firewall
(Diagram: port 80 = HTTP, port 443 = HTTPS, both labelled simply "Web Traffic")
Stateful Firewall
• Protection centered around IP addresses, ports and protocols
• Allows or denies every application riding over ports 80/443 as one; it cannot tell them apart
• To a traditional firewall, all "web" traffic looks legitimate
• Does not inspect every port, so applications running on custom ports go unseen
• Lets Trojans, rootkits and malware into the network
Application Chaos
Who is to say which apps are important to you and which are not?
(Diagram label: Unimportant Apps)
Next Generation Firewall Technology
1. Firewall - Stateful Packet Inspection
2. Intrusion Prevention
   – The front-line network defense against application attacks
3. Application Identification & Visualization
   – Can't control what you can't see
4. User Identification through Single Sign On (SSO)
   – Correlate network traffic with users
5. Application Control
   – Granular control (Allow Facebook, Block Social Gaming)
6. SSL Decryption
   – Don't allow threats to tunnel through encrypted channels
Dell SonicWALL Next-Generation Firewall
(Diagram: ingress "Application Chaos" is identified by Reassembly-Free Deep Packet Inspection and sorted into Unacceptable Apps, Acceptable Apps and Critical Apps; Malware Blocked)

Network Traffic Visualization
Real-time Traffic Breakdown
User Traffic Consumption
Identify P2P Traffic
Identify and Control Applications
• Application library with over 4,200 unique applications
• Granular control
  – Allow Facebook, block BitTorrent
  – Allow chat, block file transfer
  – Group/user based
  – Schedule based
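The following is an added example, not code from this deck or from Dell SonicWALL: a small Python policy engine that evaluates the same constructed flows against a port-based (stateful) rule set and against an application-, group- and schedule-aware rule set of the kind the six NGFW building blocks above and the granular-control items describe. The user-to-group directory, application and sub-application labels, ports and times of day are all constructed assumptions; on a real appliance the user comes from SSO and the application label from deep packet inspection.

```python
"""Port-based versus application-aware policy (added illustration, not vendor code)."""
from dataclasses import dataclass
from datetime import time
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    user: str            # would be resolved by SSO; constructed here
    dst_port: int
    app: str             # would be identified by DPI; "" means unidentified
    sub_app: str = ""    # e.g. "chat", "file-transfer"
    at: time = time(10, 0)


USER_GROUPS = {"alice": "marketing", "bob": "engineering"}   # constructed directory

# Stateful/port-based policy: one verdict per port, whatever rides on it.
PORT_RULES = {80: "allow", 443: "allow"}


def stateful_decision(flow: Flow) -> str:
    return PORT_RULES.get(flow.dst_port, "deny")


@dataclass(frozen=True)
class AppRule:
    action: str
    app: Optional[str] = None
    sub_app: Optional[str] = None
    group: Optional[str] = None
    window: Optional[Tuple[time, time]] = None   # schedule, [start, end)

    def matches(self, flow: Flow) -> bool:
        if self.app is not None and flow.app != self.app:
            return False
        if self.sub_app is not None and flow.sub_app != self.sub_app:
            return False
        if self.group is not None and USER_GROUPS.get(flow.user) != self.group:
            return False
        if self.window is not None and not (self.window[0] <= flow.at < self.window[1]):
            return False
        return True


# First match wins, so the order encodes the policy.
APP_RULES = [
    AppRule("deny",  app="bittorrent"),                                   # any port, any user
    AppRule("deny",  app="facebook", sub_app="file-transfer"),            # allow chat, block file transfer
    AppRule("allow", app="facebook", sub_app="chat"),
    AppRule("allow", app="facebook", group="marketing"),                  # group/user based
    AppRule("allow", app="facebook", window=(time(12, 0), time(13, 0))),  # schedule based
    AppRule("deny",  app="facebook"),
    AppRule("allow", app="web-browsing"),
]


def ngfw_decision(flow: Flow) -> str:
    for rule in APP_RULES:
        if rule.matches(flow):
            return rule.action
    return "deny"   # unidentified or unlisted applications are denied by default


SAMPLE_FLOWS = {   # constructed traffic; everything but the last one "looks like web"
    "bittorrent over 443":          Flow("bob", 443, "bittorrent"),
    "facebook chat":                Flow("bob", 443, "facebook", "chat"),
    "facebook file transfer":       Flow("alice", 443, "facebook", "file-transfer"),
    "facebook, engineering, 10am":  Flow("bob", 443, "facebook"),
    "facebook, engineering, lunch": Flow("bob", 443, "facebook", at=time(12, 30)),
    "facebook, marketing":          Flow("alice", 443, "facebook"),
    "unidentified app over 443":    Flow("bob", 443, ""),
    "web browsing on port 8080":    Flow("bob", 8080, "web-browsing"),
}


def evaluate_samples() -> Dict[str, Tuple[str, str]]:
    """Return {flow name: (stateful verdict, NGFW verdict)} for the constructed flows."""
    return {name: (stateful_decision(f), ngfw_decision(f)) for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, (old, new) in evaluate_samples().items():
        print(f"{name:32} stateful={old:5} ngfw={new}")
```

The port-based engine allows every flow on 443, BitTorrent and the unidentified application included, and denies legitimate browsing on 8080 because it only sees the port. The application-aware engine decides on what the traffic is, who sent it and when, and falls back to deny for anything it could not identify.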
How Traditional Firewall & IPS fail: the security/performance tradeoff
• Force administrators to choose between security and performance
• Admins often wind up turning off security when performance suffers
• Slow networks hurt productivity
Highly Efficient Single-Pass RFDPI Security Engine
Proven & proprietary Reassembly-Free Deep Packet Inspection
(Diagram: Input Packet → Preprocessors → TCP Reassembly → Deep Packet Inspection Engine (Anti-Malware, IPS, Application), driven by the Pattern Definition Language Interpreter over the signature set → Policy Decision API → Postprocessors → Output Packet)
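The following is an added example, not SonicWALL's engine: a stream-based multi-pattern matcher in Python that keeps only an automaton state and a byte count per flow and scans each TCP segment as it arrives, which is the property "reassembly-free" refers to. A signature split across two segments is still detected, and interleaved flows do not share state. The signatures and the segments are constructed for illustration.

```python
"""Reassembly-free, single-pass signature matching (added illustration, not vendor code)."""
from collections import deque
from typing import Dict, List, Tuple


class StreamMatcher:
    """Aho-Corasick automaton over bytes.  The scan position is a single state
    number, so each flow keeps an integer between segments instead of a buffer."""

    def __init__(self, signatures: Dict[str, bytes]) -> None:
        self.goto: List[Dict[int, int]] = [{}]     # transitions per state
        self.out: List[List[str]] = [[]]           # signatures that end in each state
        self.fail: List[int] = [0]                 # failure links
        self.flow_state: Dict[str, Tuple[int, int]] = {}   # flow -> (state, bytes seen)
        for name, pattern in signatures.items():   # build the trie
            s = 0
            for b in pattern:
                if b not in self.goto[s]:
                    self.goto.append({})
                    self.out.append([])
                    self.fail.append(0)
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(name)
        queue = deque(self.goto[0].values())       # depth-1 states fail to the root
        while queue:                               # BFS to set failure links
            r = queue.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]
                queue.append(s)

    def scan(self, flow_id: str, segment: bytes) -> List[Tuple[str, int]]:
        """Scan one segment of a flow; returns (signature, stream offset just past the match)."""
        state, seen = self.flow_state.get(flow_id, (0, 0))
        hits: List[Tuple[str, int]] = []
        for b in segment:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            seen += 1
            for name in self.out[state]:
                hits.append((name, seen))
        self.flow_state[flow_id] = (state, seen)   # nothing but two integers is retained
        return hits


SIGNATURES = {                                     # constructed, illustrative patterns
    "c2-beacon-uri": b"GET /beacon?id=",
    "pe-header": b"MZ\x90\x00",
}


def demo() -> Dict[str, List[Tuple[str, int]]]:
    """Feed constructed segments from three interleaved flows through one matcher."""
    m = StreamMatcher(SIGNATURES)
    results: Dict[str, List[Tuple[str, int]]] = {}
    results["A1"] = m.scan("A", b"GET /bea")                      # first half of the URI
    results["B1"] = m.scan("B", b"\x00\x01MZ\x90\x00PE")           # other flow in between
    results["A2"] = m.scan("A", b"con?id=42 HTTP/1.1\r\n")       # second half completes it
    results["C1"] = m.scan("C", b"GET /beacon HTTP/1.1\r\n")     # similar URI, no match
    return results


if __name__ == "__main__":
    for seg, hits in demo().items():
        print(seg, hits)
```

The beacon signature is only reported when flow A's second segment arrives, even though no copy of the first segment was kept, and flow B's segment in between neither disturbs A's state nor inherits it. Because per-flow state is a couple of integers, flows can be spread across cores independently, which is what lets a single-pass engine scale with core count; the preprocessor stage of a real engine adds protocol decoding and normalization that this matcher omits.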
NGFW Integrated Architecture: Low-Latency, Ultra-Scalable, Single-Pass Deep Packet Inspection Engine
Linearly scalable on a massively multi-core architecture (diagram axis: 1 core to 96 cores)
• Cavium CPUs custom-built to understand network communications at the hardware level (TCP acceleration, compression/decompression, encryption, etc.)
• Parallel processing of multiple data streams
Dell SonicWALL NGFW solution
(Diagram: VPN, IPS, Users, Servers, Firewall, Antivirus, Antispam, URL Filters, Proxy, Application)

Dell SonicWALL NGFW
Functions with performance guarantee
• Single Sign On
• URL web control
• Application control
Dell SonicWALL Next-Gen Firewalls & Unified Threat Management Firewalls
• SuperMassive E10000 Series (E10200, E10400, E10800): data centers, ISPs
• E-Class NSA Series (NSA E8500, NSA E6500, NSA E5500, NSA E8510): medium to large organizations
• NSA Series: branch offices and medium-sized organizations
• TZ Series: small and
Dell SonicWALL SuperMassive™ E10000
• SuperMassive E10800 running SonicOS is the highest overall protection Next-Gen Firewall recommended by NSS Labs in the 2012 Next-Gen Firewall Security Value Map
• Proven SonicOS architecture is at the core of every SonicWALL firewall from the SuperMassive™ E10800 to the TZ105
• Detects, classifies and controls over 4,200 unique apps
• Powerful IPS, multi-gig performance
• Management/visualization of traffic
• RFDPI technology
• SSL traffic inspection
• High availability: A/P, A/A, StateSync, clustering
Comprehensive Inspection
The Technology
• 96 processor cores
• 40 Gbps firewall inspection
• 30 Gbps IPS
• 30 Gbps Application Intelligence and Control